-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308.

1. ☒ This communication is responsive to the amendments filed on 11/19/09 and the interview conducted on 03/11/10.

2. ☒ The allowed claim(s) is/are 1-26, 30, 31, 33, 34, 36 and 37.

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) □ All b) □ Some* c) □ None of the: 

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE.

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

5. □ CORRECTED DRAWINGS (as "replacement sheets") must be submitted.

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review (PTO-948) attached

1) □ hereto or 2) □ to Paper No./Mail Date .

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 

6. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 



Attachment(s) 

1. □ Notice of References Cited (PTO-892)

2. □ Notice of Draftperson's Patent Drawing Review (PTO-948) 

3. □ Information Disclosure Statements (PTO/SB/08), 

Paper No./Mail Date 

4. □ Examiner's Comment Regarding Requirement for Deposit 

of Biological Material 



5. □ Notice of Informal Patent Application 

6. □ Interview Summary (PTO-413), 

Paper No./Mail Date . 

7. ☒ Examiner's Amendment/Comment

8. □ Examiner's Statement of Reasons for Allowance 

9. □ Other . 
Art Unit: 2435

EXAMINER'S AMENDMENT 

1. An examiner's amendment to the record appears below. Should the changes and/or
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the
payment of the issue fee.

2. As per MPEP 713.04, a separate interview summary form is not provided as the 
substance of the interview has been summarized herein. 

Authorization for this examiner's amendment was given in a telephone interview with 
Tim Dyll (No. 62,796) on 03/11/10.

The application has been amended as follows: 

• Please cancel Claim 35. 

• Please amend Claims 1, 4, 9, 16 and 34 as follows. 

• Please add Claims 36 and 37 as follows. 

1. (Currently Amended) A method for maintaining computer security comprising: 
providing a signature file containing information about known system vulnerabilities, the 
information comprising a predefined length of a Universal Resource Locator ("URL") for a 
message header, the predetermined length indicating a maximum amount of data that may be
stored in a buffer of a web server;

at a reverse proxy server residing between at least one client computer and the [[a]] web

server: 

receiving an incoming message from the at least one client computer, wherein the 
incoming message, if malicious and upon receipt by the web server, automatically causes 
the web server to perform an action which exploits a vulnerability of the web server; 
comparing a length of a URL in a message header of the incoming message ("the
incoming URL") with the predefined length in the signature file to determine whether the
incoming message is malicious, wherein the length of the incoming URL indicates an
amount of data that the incoming message will attempt to store on the buffer if the
incoming message is received by the web server; and

if the length of the incoming URL exceeds the predefined length, determining that
the incoming message is malicious because the incoming message is capable of causing
the buffer to overflow and blocking the incoming message from reaching the web server.

4. (Currently Amended) The method of claim 1, further comprising forwarding the
reassembled incoming message to the web server if the length of the incoming URL is less than
the predefined length. 

9. (Currently Amended) A system for maintaining computer security comprising: 
a web server;

a signature file containing information about known system vulnerabilities, the 
information comprising a predefined length of a Universal Resource Locator ("URL") for a 
message header, the predetermined length indicating a maximum amount of data that may be
stored in a buffer of the web server; and

a web server; and

a tangible processor controlled device comprising a reverse proxy server residing 
between at least one client computer and the web server, the reverse proxy server configured to: 

receive an incoming message from the at least one client computer, wherein the 
incoming message, if malicious and upon receipt by the web server, automatically causes 
the web server to perform an action which exploits a vulnerability of the web server; 

compare a length of a URL in a message header of the incoming message ("the 
incoming URL") with the predefined length in the signature file to determine whether the 
incoming message is malicious, wherein the length of the incoming URL indicates an
amount of data that the incoming message will attempt to store on the buffer if the
incoming message is received by the web server; and

if the length of the incoming URL exceeds the predefined length, determine that
the incoming message is malicious because the incoming message is capable of causing 
the buffer to overflow and block the incoming message from reaching the web server. 

16. (Currently Amended) A [[tangible]] non-transitory computer storage medium 
including computer executable code for maintaining computer security, the computer executable 
code comprising: 

code for accessing a signature file containing information about known system 
vulnerabilities, the information comprising a predefined length of a Universal Resource Locator 
("URL") for a message header, the predetermined length indicating a maximum amount of data
that may be stored in a buffer of a web server;

code for at a hypertext transfer protocol ("HTTP") reverse proxy server residing between
at least one client computer and [[a]]the web server:

receiving an incoming message from the at least one client computer, wherein the 
incoming message, if malicious and upon receipt by the web server, automatically causes 
the web server to perform an action which exploits a vulnerability of the web server; 

comparing a length of a URL in a message header of the incoming message ("the 
incoming URL") with the predefined length in the signature file to determine whether the 
incoming message is malicious, wherein the length of the incoming URL indicates an
amount of data that the incoming message will attempt to store on the buffer if the
incoming message is received by the web server; and

if the length of the incoming URL exceeds the predefined length, determining that 
the incoming message is malicious because the incoming message is capable of causing 
the buffer to overflow and blocking the incoming message from reaching the web server. 

34. (Currently Amended) A method for maintaining computer security comprising: 
providing a signature file containing information about known system vulnerabilities, the 
information comprising a predefined length of a Universal Resource Locator ("URL") for a 
message header, the predetermined length indicating a maximum amount of data that may be
stored in a buffer of a web server;

receiving an incoming message from at least one client computer;

comparing a length of a URL in a message header of the incoming message ("the 
incoming URL") with the predefined length in the signature file to determine whether the 
incoming message is malicious, wherein the length of the incoming URL indicates an amount of
data that the incoming message will attempt to store on the buffer if the incoming message is
received by the web server; and

if the length of the incoming URL is greater than the predefined length, determining that
the incoming message is malicious because the incoming message is capable of causing the
buffer to overflow and blocking the incoming message from reaching [[a]]the web server.

36. (New) The method of Claim 34, further comprising if the incoming message is
determined to be malicious, blocking future messages received from the at least one client
computer. 

37. (New) The method of Claim 34, further comprising forwarding the incoming
message to the web server if the length of the incoming URL is less than the predefined length. 

3. The following is an examiner's statement of reasons for allowance: the amendments 
and/or arguments filed by the Applicant have been considered and are persuasive, in particular 
those found on pages 11-14 of the remarks filed on 11/19/09. Therefore, Claims 1-26, 30, 31,
33, 34, 36 and 37 have been deemed allowable over the prior art of record. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 
Any inquiry concerning this communication or earlier communications from the
examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686. The 
examiner can normally be reached on Monday through Thursday 9:00AM-5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/E. Z./ 

Examiner, Art Unit 2435 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 
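
The length check recited in claims 1, 34, 36 and 37 above, sketched as an added Python example (not part of the Office communication or the application). The signature-file format, all names, and the handling of a URL exactly equal to the predefined length and of unparseable request lines are assumptions; the claims do not specify them.

```python
# Added illustration; signature-file format and all names are hypothetical.
from dataclasses import dataclass, field

SIGNATURE_FILE = """\
# constructed sample: one 'key = value' rule per line
max_url_length = 64
"""

def load_max_url_length(text: str) -> int:
    """Read the predefined URL length from the (hypothetical) signature file."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "max_url_length":
            limit = int(value)
            if limit <= 0:
                raise ValueError("max_url_length must be positive")
            return limit
    raise ValueError("signature file has no max_url_length rule")

@dataclass
class ReverseProxyFilter:
    max_url_length: int
    blocked_clients: set = field(default_factory=set)

    def inspect(self, client: str, raw_request: bytes) -> str:
        """Return 'forward' or 'block' for one incoming message."""
        if client in self.blocked_clients:      # claim 36: future messages
            return "block"
        request_line = raw_request.split(b"\r\n", 1)[0]
        parts = request_line.split(b" ")
        if len(parts) != 3:                     # unparseable: fail closed (assumption)
            return "block"
        url = parts[1]                          # raw bytes, before any decoding
        if len(url) > self.max_url_length:      # exceeds the predefined length
            self.blocked_clients.add(client)
            return "block"
        return "forward"                        # equal length is forwarded (assumption)

if __name__ == "__main__":
    proxy = ReverseProxyFilter(load_max_url_length(SIGNATURE_FILE))
    # Constructed request from a documentation-range client address.
    print(proxy.inspect("203.0.113.9", b"GET /" + b"A" * 200 + b" HTTP/1.1\r\n\r\n"))
```

The length is measured on the request-target bytes as received; a deployment would set the limit from the actual buffer size of the protected web server.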



